Compliance & Security 101: Abuse, phishing and intellectual property infringement

Hi Typeform community, 

This is Rai from the Compliance Support team, here with another instalment of our Compliance & Security 101 series.

I’d like to cover two important topics that we deal with on a regular basis in Support and that are important for our customers and typeform respondents to be aware of – phishing and intellectual property infringements.

Phishing and intellectual property/copyright infringements are the most common Typeform-related abusive activities, often with the aim to collect personal information for illegitimate or even illegal purposes. There are other types of abuse we encounter in our forms too though, including: nudity, promoting hatred, violence or illegal/offensive activities, spam, malware, or the collection of private and confidential information. All of these can be reported by submitting a typeform via our Report Abuse Help Center article.

Here I’ll give a quick introduction to the topic and then outline more information on how we handle phishing and intellectual property infringements, so you can help us protect yourself and others.

 

First of all, let’s shed some light on the topic of phishing in our forms - the most common situation we deal with.

Phishing

Typeform is a powerful tool for asking questions and collecting information online. And since it is an open platform that everyone can use, it is important this happens in compliance with our terms and conditions and in an ethical way. Although we have our internal methods of detecting this, you may still come  across forms that look suspicious. If you believe a typeform might be being used for illegitimate purposes, you can report it for abuse.

The most common abuse cases our users and respondents report are where fraudsters try to collect login information to a third party service (username and password) by impersonating that service. This is called phishing. There are a number of examples that can involve this fraudulent activity:

• Online bank login/verification

• Cell phone company login/verification 

• Game hacks

• Email account verification or updates

• University database logins

• Credit Card/SSN forms 

• Social Media account logins

Here’s a typical example of a phishing typeform:

All of the above is considered abusive behaviour and as I mentioned we have our means to detect such phishing activities. However, it may still happen from time to time that our users or respondents have to face such a form. We strongly recommend reporting this to us, especially if you have already submitted sensitive information. We can then review and take the necessary action to make sure the form cannot collect any further data and suspend the account it belongs to. Again this can be reported by filling out a typeform here or by sending a support ticket. 

Intellectual property infringement

Intellectual property or copyright infringement is something that happens occasionally in typeforms for different reasons. For example, the form creator wasn't aware of the fact that using a company's or organisation's intellectual property (like logos or names) is not allowed, or because someone is doing this intentionally in order to generate confidence and lure respondents into submitting their form. 

In either case it is our policy to respond to clear notices of alleged copyright infringement. If you own the copyright to material found in a typeform and believe this form has not been created by someone in your organisation, or who does not have the required permission to do so, please let us know by sending us the form URL and the reasons for your claim. We will then be able to review this and provide you with information about the next steps to be taken. In general these cases can be resolved in a timely manner by our legal team. 

You can report this via our abuse form here or also by submitting a support ticket.